WHAT IS CLAIMED IS:

1. A method for provisioning routing policy of a plurality of sites of a
Virtual Private Network (VPN), comprising: 

enabling graphically defining of relationships between said plurality of sites of 
said VPN; and 

automatically generating at least one routing rule for each site of said VPN 
based at least in part on said defined relationship. 

2. The method of claim 1, wherein automatically generating at least one 
routing rule comprises: 

automatically generating at least one import rule; 
automatically generating at least one local export rule; and 
automatically generating at least one remote export rule. 

3. The method of claim 1, wherein automatically generating at least one 
routing rule for each site comprises generating an import rule for discarding route 
information received from the respective site. 

4. The method of claim 1, wherein automatically generating at least one 
routing rule comprises generating, for a site of said plurality of sites, an import rule 
for accepting route information, in response to said site being a member of a mesh 
VPN component, received from any site of said plurality of sites which is a member 
of said mesh VPN component. 

5. The method of claim 1, wherein automatically generating at least one 
routing rule comprises generating, for a site of said plurality of sites, an import rule 
for accepting route information, in response to said site being a hub of a hub-spoke 
VPN component, received from any site of said plurality of sites which is a member 
of said hub-spoke VPN component. 

6. The method of claim 1, wherein automatically generating at least one
routing rule comprises generating, for a site of said plurality of sites, an import rule
for accepting route information, in response to said site being a spoke of a hub-spoke
VPN component, received from any site of said plurality of sites which is a hub of
said hub-spoke VPN component.

7. The method of claim 1, wherein automatically generating at least one 
routing rule comprises automatically generating at least one local export rule, wherein 
the number of local export rules generated is at least equal to the number of VPN
components of said VPN that the respective site is a member of.

8. The method of claim 1, wherein automatically generating at least one 
routing rule comprises: 

generating, for a site of said plurality of sites in response to said site being a
member of a mesh VPN component, a local export rule for:

accepting routes from a Provider Edge-Customer Edge (PE-CE)
routing protocol;

associating route information of said VPN to said accepted routes; and

advertising said accepted routes and said route information to all
members of said mesh VPN component.

9. The method of claim 1, wherein automatically generating at least one 
routing rule comprises: 

generating, for a site of said plurality of sites in response to said site being a
hub of a hub-spoke VPN component, a local export rule for:

accepting routes from a Provider Edge-Customer Edge (PE-CE)
routing protocol;

associating route information of said VPN to said accepted routes; and

advertising said accepted routes and said route information to all
members of said hub-spoke VPN component.



ATTORNEY'S DOCKET NO. 
5022.20-1 






PATENT APPLICATION 



10. The method of claim 1, wherein automatically generating at least one 
routing rule comprises: 

generating, for a site of said plurality of sites in response to said site being a
spoke of a hub-spoke VPN component, a local export rule for:

accepting routes from a Provider Edge-Customer Edge (PE-CE)
routing protocol;

associating route information of said VPN to said accepted routes; and

advertising said accepted routes and said route information to all
members of said hub-spoke VPN component.

11. The method of claim 1, wherein automatically generating at least one 
routing rule comprises: 

generating, for a site of said plurality of sites in response to said site being a
member of a VPN component, a plurality of local export rules for:

accepting routes from a Provider Edge-Customer Edge (PE-CE)
routing protocol;

associating at least two sets of route information of said VPN to said
accepted routes; and

advertising said accepted routes and said route information to members
of said respective VPN component.

12. The method of claim 1, wherein automatically generating at least one 
routing rule for each site comprises generating a remote export rule for not advertising
route information received from a site which is a member of a VPN component to a
site which is not a member of said VPN component.

13. The method of claim 1, wherein automatically generating at least one 
routing rule for each site comprises generating, for a site of said plurality of sites in
response to said site being a member of at least two VPN components, a remote
export rule for advertising route information received from a site which is a member
of a first VPN component of said at least two VPN components to at least one site
which is not a member of said first VPN component.

14. The method of claim 1, further comprising storing said at least one
routing rule in a database.

15. A system for provisioning routing policy of a plurality of sites of a
Virtual Private Network (VPN), comprising: 

a graphical user interface, comprising: 

a display area graphically displaying at least one VPN component of
said VPN; and

a customer area displaying said plurality of sites, at least one of said
plurality of sites operable to be dragged from said customer area to said
display area, wherein dropping of said at least one site on a graphical
representation of said at least one VPN component causes said at least one site
to be displayed in said display area and to become a member of said VPN
component.

16. The system of claim 15, further comprising means for automatically 
generating at least one routing rule for each site of said plurality of sites based at least
in part on a membership of said respective site.

17. The system of claim 16, further comprising means for distributing said 
respective generated routing rule to a respective one of said plurality of sites of said 
VPN component. 

18. The system of claim 17, further comprising means for processing, by 
each site, route information received from said plurality of sites based at least in part 
on said at least one routing rule generated for said respective site. 

19. The system of claim 18, further comprising means for establishing
routing relations between said plurality of sites based at least in part on said processed
routing information.

20. The system of claim 15, further comprising a database operable to
store said at least one routing rule.

21. A method for provisioning routing policy of a plurality of sites of a
Virtual Private Network (VPN), comprising: 

graphically displaying at least one VPN component of said VPN; 

enabling dragging of a representation of at least one site of said plurality of 
sites towards said at least one VPN component; 

enabling dropping of said representation of said at least one site on said 
representation of said at least one VPN component thereby causing said site to 
become a member of said VPN component; and 

automatically generating at least one routing rule for each site of said plurality 
of sites based at least in part on a membership of said respective site. 

22. The method of claim 21, further comprising storing said at least one 
routing rule and route information received from said plurality of sites in a database. 

23. The method of claim 22, wherein said route information comprises at 
least one route information item selected from the group consisting of a Route 
Distinguisher (RD), a Route Target (RT), a Site of Origin (SOO), a VPN ID, an 
Internet Protocol version 4 (IPv4) Prefix, and Next Hop Information (NH). 

24. The method of claim 22, wherein said route information is denoted by 
a 6-tuple 

{RD, RT, SOO, VPN_ID, IPv4 Prefix, NH}, wherein RD denotes a Route
Distinguisher, RT denotes a Route Target, SOO denotes a Site of Origin, VPN_ID
denotes a VPN ID, IPv4 Prefix denotes an Internet Protocol version 4 prefix, and NH 
denotes Next Hop Information. 

25. The method of claim 24, wherein automatically generating at least one 
routing rule comprises generating a routing rule for discarding route information 
received from site si, said routing rule being denoted as 

mask {0, 0, 1, 0, 0, 0}, value{0, 0, si, 0, 0, 0}, action = reject. 

26. The method of claim 24, wherein automatically generating at least one
routing rule comprises generating a routing rule for accepting route information 
comprising a specified Route Target rtl, said second routing rule being denoted as 

mask {0, 1, 0, 0, 0, 0}, value{0, rtl, 0, 0, 0, 0}, action = permit. 

27. The method of claim 24, wherein automatically generating at least one 
routing rule comprises: 

automatically generating at least one local export rule and at least one remote 
export rule, said at least one local export rule and said at least one remote export rule 
being generically denoted by:

mask {0|1, 0|1, 0|1, 0|1, 32 bit mask for IPv4 Prefix, 0|1}, Value {*, *, *, *,
*, *}, action = reject | accept with {RD, RT, SOO, VPN_ID, =, NH}.
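
The following is an added illustration, not part of the claims or of the applicant's implementation: it evaluates the mask/value/action rules of claims 25 and 26 against the 6-tuple of claim 24 and builds per-site import rules from mesh and hub-spoke membership (claims 3 to 6). The function names, the Route Target assignment (one RT per mesh component, separate hub and spoke RTs per hub-spoke component), first-match evaluation and the default reject are assumptions.

```python
from collections import namedtuple

# 6-tuple of claim 24; masks and values are positional over these fields.
Route = namedtuple("Route", "rd rt soo vpn_id prefix nh")
Rule = namedtuple("Rule", "mask value action")

def matches(rule, route):
    """A rule matches when every field selected by its mask equals its value."""
    return all(not m or v == f for m, v, f in zip(rule.mask, rule.value, route))

def evaluate(rules, route, default="reject"):
    """First matching rule wins; the default-reject fallback is an assumption."""
    for rule in rules:
        if matches(rule, route):
            return rule.action
    return default

def reject_own_site(site):
    # Claim 25 form: mask {0,0,1,0,0,0}, value {0,0,si,0,0,0}, action = reject
    return Rule((0, 0, 1, 0, 0, 0), (0, 0, site, 0, 0, 0), "reject")

def permit_rt(rt):
    # Claim 26 form: mask {0,1,0,0,0,0}, value {0,rt,0,0,0,0}, action = permit
    return Rule((0, 1, 0, 0, 0, 0), (0, rt, 0, 0, 0, 0), "permit")

def import_rules(site, components):
    """Ordered import rules for one site, derived from its memberships.

    Assumed RT scheme: mesh exports carry c["rt"]; in a hub-spoke component
    hub exports carry c["hub_rt"] and spoke exports carry c["spoke_rt"].
    """
    rules = [reject_own_site(site)]          # claim 3: discard own routes
    for c in components:
        if c["type"] == "mesh" and site in c["members"]:
            rules.append(permit_rt(c["rt"]))                 # claim 4
        elif c["type"] == "hub-spoke" and site in c["hubs"]:
            rules += [permit_rt(c["hub_rt"]), permit_rt(c["spoke_rt"])]  # claim 5
        elif c["type"] == "hub-spoke" and site in c["spokes"]:
            rules.append(permit_rt(c["hub_rt"]))             # claim 6
    return rules

# Constructed topology: A and B form a mesh; B is hub for spokes C and D.
COMPONENTS = [
    {"type": "mesh", "members": {"A", "B"}, "rt": "rt-mesh"},
    {"type": "hub-spoke", "hubs": {"B"}, "spokes": {"C", "D"},
     "hub_rt": "rt-hub", "spoke_rt": "rt-spoke"},
]

def route_from(site, rt):
    """Constructed sample route whose Site of Origin is `site`."""
    return Route("rd-" + site, rt, site, "vpn-1", "10.0.0.0/24", "pe-" + site)
```

With this rule set a spoke never installs another spoke's routes, which is the isolation property worth checking whenever generated policy is audited.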



